Running Untrusted Code in Node

F70874714f4bb31b2ab4b6c70de39b04?s=47 Dave Wasmer
February 25, 2014
Technology
0
270

Running Untrusted Code in Node

Running untrusted code in Node in a safe mode while handling the lode.

F70874714f4bb31b2ab4b6c70de39b04?s=128

Dave Wasmer

February 25, 2014
Tweet

More Decks by Dave Wasmer

See All by Dave Wasmer
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
0
45
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
4
400
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
0
63
F70874714f4bb31b2ab4b6c70de39b04?s=48 davewasmer
1
130

Other Decks in Technology

See All in Technology
40301c0affdf359eaca771713e22b71a?s=48 harshbothra
0
950
69f5ab96892df4d8cbe32189f2ed2d9d?s=48 heyinc
2
11k
80c79a9d024d1e1a253893a78189ce6d?s=48 ujnak
1
140
A645e7c3a6635ead8fa323c583769591?s=48 hololab
0
280
Dd672f13e7e17714700544cb355cbaba?s=48 kyoshimoto
2
220
9e7a653ed313b3da4b263a772bfc5026?s=48 clustervr
0
390
C786d7772602b488a7972c38c143f61c?s=48 con_mame
3
1.7k
B1cc148711c6a37a5c922b6e72a4ad52?s=48 upura
1
950
229b1596ce57cd0935a2bacd410d87a0?s=48 aaaddress1
0
390
69b4dadef85efe143ac825b62d36ed7c?s=48 fruitriin
3
310
706ff501573a736401aa4de5adc88e05?s=48 nihonbuson
3
1k
48a351a06897d7cc9721e2ddb7198e8a?s=48 dougpuob
0
110

Featured

See All Featured
78b475797a14c84799063c7cd073962f?s=48 holman
287
130k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
142
19k
56c4053438af8e8b90d6f53cbb7573be?s=48 jakevdp
766
190k
016edace78ffe826f2348d1e0c504afd?s=48 maggiecrowley
2
180
1519587b1a0febb658c36c94f6272b0d?s=48 roundedbygravity
84
7.6k
C51b39fa3c79ccb99dcb8a076bc98287?s=48 brianwarren
83
4.5k
Aff5641764408271f7bc398f2097edd0?s=48 denniskardys
218
110k
D67fff74178013024d833b3eec6cf27f?s=48 lynnandtonic
265
16k
C7393b7ba7ec9c8890dd77d209fbb3c9?s=48 maltzj
497
36k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
498
130k
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
7
1.1k
8081b26e05bb4354f7d65ffc34cbbd67?s=48 chriscoyier
681
180k

Transcript

  1. Running untrusted code in Node in a safe mode while

    handling the lode

  2. lode?

  3. Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …

  4. Kinvey Backend as a service … and this one.

  5. What goes into backend as a service?

  6. None

  7. Lots o’ stuff • Data storage • User management •

    Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..

  8. What if CRUD ain’t enough?

  9. enter: Business Logic!

  10. Run your code on our servers

  11. Custom JavaScript execution?!

  12. eval(customerCode); // Genius, mirite? NO!

  13. The Problem We needed a safe, scalable way to run

    arbitrary (possibly malicious) JavaScript on our servers.

  14. Safety • Can’t allow access to: • filesystem • shared

    memory • Kinvey internals • State is evil!

  15. Scalablity • Needs to scale horizontally • i.e. spin up

    new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!

  16. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  17. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  18. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  19. Our solution to scalability KCS KCS KCS KBL KBL KBL

    Redis Work Master Child Child Child Child

  20. Our solution to scalability Work Master Child Child Child Child

  21. Safety Concerns • How to run arbitrary JS code? •

    Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)

  22. System access • Filesystem • Severely limited or none •

    Network • Partially limited

  23. Our solution to system access ! // Setting things up

    ! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()

  24. generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =

    function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access

  25. ! // Running the untrusted script try { script.runInNewContext(sandbox) }

    catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access

  26. Application access • Data • Permissions

  27. Our solution to application access ! // inside generateNewSandbox() !

    sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ...
 }

  28. Stupidity / DoS • while (true) {} // single-threaded ftw!

    • function onPreSave(req, res, modules) {
 doSomeAsyncStuff()
 } // kthxbai • function doSomeAsyncStuff() {
 setTimeout(function(){ 
 throw new Error() 
 }, 100000); // muhahaha
 }

  29. Our solution to stupidity / DoS Work Master Child Child

    Child Child

  30. Our solution to stupidity / DoS Work Master Child Child

    Child Child

  31. Our solution to stupidity / DoS ! // For handling

    callback errors process.on(‘uncaughtException’, function(){ // handle it here });

  32. Wrap-up